How to resolve the error 'sshd-x[PID]: reverse mapping checking getaddrinfo for HOST.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!' in /var/log/messages file?
  • The /var/log/messages file shows the following error:

    sshd-x[PID]: reverse mapping checking getaddrinfo for HOSTNAME.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!

    Nov 19 00:15:25 FireWall_001 [LOG_INFO] sshd-x[25130]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAK-IN ATTEMPT!

The Forward DNS record and Reverse DNS (PTR) record are not consistent with each other.

The system performs a Reverse DNS lookup to match the connecting IP address with the hostname of the connecting machine, and that lookup fails.


In the above example:

  • The host is connecting to FireWall_001 over SSH.
  • Lookup for the hostname associated to that IP address resolves to
  • Resolving the IP address associated with fails because either the IP address is not, or cannot be resolved.
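
The consistency check described above, written out as an added example (not vendor code; the function names, status labels and sample records are assumptions made for illustration). It looks up the PTR name for a client address, resolves that name forward, and reports whether the two agree; FORWARD_FAILED is the state behind the logged message.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup: IP -> hostname, or None when no PTR record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """A/AAAA lookup: hostname -> set of address strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_mapping(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (status, ptr_name) for a connecting client IP."""
    name = reverse(ip)
    if name is None:
        return ("NO_PTR", None)            # no PTR record, nothing to verify
    # Normalise so equivalent textual forms (e.g. IPv6) compare equal.
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    if not addrs:
        return ("FORWARD_FAILED", name)    # PTR name does not resolve forward
    if ipaddress.ip_address(ip) not in addrs:
        return ("MISMATCH", name)          # name resolves, but to another address
    return ("CONSISTENT", name)

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_PTR = {
    "192.0.2.10": "admin-pc.example.com",
    "192.0.2.20": "stale.example.com",     # PTR exists, A record missing
    "192.0.2.30": "moved.example.com",     # A record points elsewhere
}
SAMPLE_A = {
    "admin-pc.example.com": {"192.0.2.10"},
    "moved.example.com": {"198.51.100.7"},
}

def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_reverse_mapping(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *check_sample(ip))
```

Calling check_reverse_mapping(ip) with its defaults queries the resolver configured on the machine where it runs, so run it on the SSH server itself to see the records that server sees.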


Possible troubleshooting steps (the order of the steps does not matter):

  • Verify that the DNS servers are configured correctly in the /etc/resolv.conf file.

  • Add manual entries for the relevant connecting machines to the /etc/hosts file.

  • Disable lookup of the hostnames for connecting machines by setting the "UseDNS no" directive in the /etc/ssh/sshd_config file.

  • Do not use simple passwords for SSH. The best idea is to disable passwords altogether and use SSH keys only.

  • Disable root login by setting the "PermitRootLogin no" directive in the /etc/ssh/sshd_config file.

  • Change the port the SSHD daemon is running on by setting the desired port in the "Port" directive or in the "ListenAddress IPv4_Address:Port" directive in the /etc/ssh/sshd_config file.

  • Change the shell for the nobody user to /bin/false or /bin/nologin.


